Unlocking the Java Platform

At Oracle Open World 2011 last October Oracle's CEO to took a few shots at Heroku, (http://www.heroku.com) a fascinating cloud platform for deploying applications written in many development languages. Salesforce.com recently purchased Heroku and I have to say it is a very powerful and elegant platform. Although it supports many languages I will focus on Java for today.

Oracle was throwing FUD at Heroku and it made a few points that I feel were unfair, in particular one that stated that since Heroku is not based on J2EE standards that using Heroku would lock a customer in. Now let me make one thing clear, Oracle is correct on one point, Heroku is not based on J2EE. That's right, no J2EE support and that can be a *good* thing.

Heroku is in alignment with recent shifts in the Java community away from J2EE application servers toward frameworks that are based on Java the language and run-time platforms based on POJOs (plain old Java objects.) Oracle ignored this point and was talking like it was 1998, when the only way to scale Java was with an application server or framework that had an API that needed to be coded to.

Oracle was saying that because Heroku was not based on J2EE anybody that used it would be "locked-in." This makes absolutely no sense, Heroku was designed to make the transition from developer workstations to the production platform as seamless as possible. You don't need to buy a developer version of Heroku to work with because you are working with the Java Language and common open source libraries. This makes it much easier to move a Java app off Heroku then to move a J2EE app from Fusion to WebSphere or to remove the J2EE parts from a Fusion application if your organization wants to move away from J2EE.

The approach Heroku takes reduces lock-in by only requiring the developer to use Java, not the J2EE spec and the Fusion or WebSphere extensions that come with it.

That being said if you are using full J2EE and you want to use a container you can bring your embedded one with you to Heroku.  In this way your development platform matches your production Heroku environment. Heroku looks after scaling (Java) processes, be they web based (like a JSP/Servlet), worker based (like an EJB or POJO containing business logic), or time based (scheduled tasks).

The debate over the Heroku PaaS compared to a full J2EE application server would take more words then one blog post can contain but the point I wanted to clarify is that Heroku reduces vendor lock-in. If your development organization, like most, has already moved to Java based open source frameworks and uses a J2EE application server to simply scale Servlets, JSPs and POJOs Heroku is something you might want to take a serious look at.

Salesforce Overview

Many of my professional contacts have been asking me lately about what Salesforce all about. Here is a set of resources that show some of the key aspects of salesforce.com, I hope you find them useful if you are curious about the future of cloud computing.

Cloud Computing Overview

http://www.youtube.com/watch?v=ae_DKNwK_ms

Social Enterprise Vision

http://www.youtube.com/watch?v=ETRt7eDDpno

The Sales Cloud

http://www.youtube.com/watch?v=yN-fDOigVuY

Social Success in the Contact Centre
http://www.youtube.com/watch?v=WVw0yFzyy2k

Social Monitoring with Radian6

http://www.youtube.com/watch?v=EH1dcFh_-I4

Overview of Heroku (a Multi-Language PaaS)
http://www.youtube.com/watch?v=dqAXmratgzE

Heroku and Java
http://www.youtube.com/watch?v=PqLkjJvEMko

Heroku Platform Basics
http://devcenter.heroku.com/categories/platform-basics

Developerforce Workbooks
http://wiki.developerforce.com/page/Force.com_workbook

Multitenant Security in the Cloud

I was confused by Oracle CEO Larry Elison's comments during the Oracle Public Cloud keynote at OpenWorld 2011 which refered to salesforce.com's multitenant cloud as old technology and then referred to virtualization technology as newer, strongly implying that it is more advanced and a better solution.

The salesforce.com platform has had multitenancy for years, but that is not a weakness. Many cloud platforms are still trying to add the capability to seamlessly host multiple applications securely. So good on Oracle to try and use salesforce.com's strength as a weakness, however it has to be pointed out that saying the sky is green does not make it true.

As to ranking technology by age and saying that the oldest concept loses, I'll just bring up virtualization on mainframes and leave it at that.

Oracle's implication that a platform with multitenancy built-in is inferior to a design based on multiple virtualized single tenant platforms is just not true. All modern systems have, or at least should have, security implemented at some level of the technology stack and there are pros and cons of having the security higher up in the application platform, near the middle in the OS or hypervisor or at the bottom near the sectors of the storage device. All these options can be made secure if security was considered when the design was created.

Security was the highest design priority for salesforce.com. It is implemented at multiple layers in its platform (from individual database records to fields in the user interface) because the platform was designed with multitenancy in mind from the start.

In contrast designs based on virtualized operating systems running single tenant platforms can certainly be made secure if you take care to ensure every tenant gets a virtualized copy of every layer of your stack but unless multitenant security is built into the application development platform, like it is with salesforce.com, I would consider it a less secure architecture.

To summarize I feel that having security build into an application platform is a key requirement for a cloud platform whether or not the platform is hosted on virtualized operating systems, storage and networks.

Cheers,

Mark

Reference Architecture Foundation for Service Oriented Architecture Version 1.0

When I first saw a link to the "Reference Architecture Foundation for Service Oriented Architecture Version 1.0" document from OASIS I must admit I thought to myself that this must be some kind of mistake and this was an old link coming back from the dead, however this is a recent release.

Although such a weighty document is tough to review on a smart phone I was impressed with the overall scope, quality and detail included.

For example taking the concept of Roles in Social Structures and tying that to service permissions and obligations (Section 3.1) was when the document started to hook me personally and I found it got more engaging as I continued reviewing it. I'm looking forward to getting on a PC and giving this a more thorough read.

If you are interested in Reference Architectures, SOA or otherwise, I suggest you take a a look.

http://docs.oasis-open.org/soa-rm/soa-ra/v1.0/csprd02/soa-ra-v1.0-csprd02.html

Cloud Based BPM

The idea of cloud based BPM is very inviting but also little bit frightening.

Certainly a fully cloud based solution would result in less start up time for a project to lay down the initial process flows and get cross department buy in as to the correctness of human processes. However enabling straight through processing from a process running in the cloud to enterprise systems would likely raise more concerns then a BPM project would want to be dealing with.

Perhaps a hybrid BPM model where processes can move in and out of the cloud would alleviate these concerns.

Maybe a BPM "proxy" layer running in the DMZ perhaps? This keep all details about an organizations internal systems out of the cloud but would still allow the higher level orchestrating process to run in the cloud.

Thoughts?

The Future of BPM: Smarter, Simpler, Seamless

Here is where BPM has to move to gain widespread acceptance. It has to get Smarter, Simpler and be Seamless.

Smarter Process Management
Processes need to be able to manage themselves.

BPM runtimes should be able to automatically detect bottlenecks and add more people to a team based on defined policies.

For example a task could be assigned to normally be executed by a team of claims adjusters but in the case of a spike in work, after a storm for instance, the task could then be assigned to managers or skilled members on other teams.

Organizations have these business processes defined in policy guides and it makes sense that the next generation of BPM tools will be able to bring these policies to life. 

Automated Decision Management
Processes could be integrated with Decision Management systems in call centers and customer self service sites to ensure the business processes that get initiated react in the most appropriate way. Decision Management is very powerful when used as a stand alone tool but integrated with BPM provides seamless automated processing that adapts itself to individual business situations. 

Approach
Stop trying to drive BPM concepts to developers and talk to business users. We've been trying to focus on BPM as a productivity tool but we need to focus on the business benefits of managing a company's  competitive differentiators. These differentiators are their business processes and rules.

Very few businesses are focused on producing physical hard goods but instead are working on producing new services or "soft" products. The processes that are followed during the creation, launch and maintenance of these products is the key differentiator for organizations. 

Adoption
BPM tooling is mature but for a solution where it is critical to know who is executing what task single sign on has to be easily supported and leveraged. This should not be a techie feature but focused on how fast the BPM functions can be rolled out to users. "Look we are integrated with Netegrity, let's deploy this process into production" Support of OpenID would be useful here.

Seemless Integration
BPM vendors are acquiring CEP and business rules tools to expand their solutions, however their products are still not fully integrated other then though Web Services or APIs. Common UIs, authentication and authorization, repositories and deployment runtimes are required to avoid complexity when users try to combine the capabilities of these tools.

Process Mining
Business Intelligence is making great strides in the field of data mining. Applying data mining technology to BPM would enable the benefits of data mining to be applied in real-time. The results of process mining feeds back into Decision Management.

EMC and Watson

A response to http://blogs.forbes.com/rogerkay/2011/05/12/despite-itself-emc-chooses-ibm/

The fact that EMC had the magnanimousness to recognize what IBM achieved with Watson should be seen as a positive but this post puts an ugly spin on the award. The post actually mocks EMC referring to "salt in the wound."

I hope that this post does not discourage companies from recognizing each others achievements for fear of spin like this being generated.

So congratulations to IBM for Watson, and Kudos to EMC for being big enough to recognize the achievement and being smart enough to realize it has the potential to drive lots of storage gear.

Where do you think BPM is going? Part II

Many of the major BPM vendors are working hard on the integration of CEP, BRMS and BPM functionality aiming for a unification of these "business modeling" capabilities. Since these vendors are focused on integrating existing function right now I'm very curious about what comes next. TIBCO clearly have had the lead with respect to CEP going back to early last decade when they were pushing the envelope with research and academic work in the field of event processing. Similarly iLog and Fair Isaac were the leaders in the area of Business Rules Management going back to the 90s. The CEP, BRMS and BPM products moved forward fairly independently of each other.

I'd like to give you a bit of background so you know where I'm coming from, if you're not interested just skip ahead to the heading "WHAT'S NEXT?"

In the early 2000s I was a using BEA WLPI 1.x (later known as WLI) and was just happy to have a functioning engine that was stable enough to survive a massive wave of new customer enrollments that hit the system when the newly deregulated electricity market opened in the Province of Ontario.

Looking back at that and my other BPM projects the usefulness of rules engines is so obvious I'm frankly flabbergasted that we at BEA soldiered on without a BRMS until the acquisition by Oracle. What were we thinking? Taking a fresh look at my old process models the benefits of a rules engine would have been at least as great as benefits we realized by implementing BPM. We had our relatively simple rules buried in relatively complex processes which kind of defeated one of the goals of BPM which is to make a system easier to change.

CEP would have been very interesting to use in the competition scenarios that we ran into when multiple electricity retailers tried to acquire the same customer. The temporal aspect of CEP means we could have done some real innovative stuff but my team and I did not have such a capability available to us so we had to make due with events mapped to processes which interfaced with a custom state machine. Our state machine took the concept of time into account so changing the event processing logic often resulted in changes to Java code.

So I'm sold on the idea of integrated rules management with BPM and have seen BPM projects that would have benefited from CEP.

However I'm also confident that there are other innovations that are coming to our field but what these next functional innovations will be is not clear to me right now.

WHAT'S NEXT?

What will be the next functional advancement for Business Process/Rules/Event Management?

Will it be Social BPM and how do you define that?

BPM Analytics, Business Process Mining?

Lightweight BPM for situations where the process makes itself up as it goes along?

Self aware BPM tools that apply mining algorithms to themselves to detect negative trends before they occur? Could IBM combine SPSS with BPM? What would a TIBCO or Appian do combined with SAS?

Let me know what your perfect next-gen BPM would be able to do. I have my ideas which I'll be posting in the next few weeks.

Where do you think BPM is going? Part I

I'm curious where BPM is heading. When I first saw Lombardi's BPM product in 2008 I was pleased to see a vendor focused on functionality, not the slavish chasing of a paper standard.

Every feature in the product was something that I literally had to custom build over and over again on projects. Clearly the product team had done more then a few BPM projects. It seemed like real progress had been made, but for some reason the BPM community is still focused on compliance to standards that add little direct business value. BPEL, BPMN, how do these help me get a business process managed?

Don't get me wrong, I truly hope that we get to BPMN export/import nirvana, but I'm very skeptical about the chances of success and would just like to get on with the job.

Where would the business intelligence community be if its success was based on chasing a standard that would allow somebody to seamlessly export and import dimensions and facts from on vendor's cube to the other. This is one of the unique aspects of BI compared to other IT fields of study, the business in engaged and drives projects forward often pushing aside technical objections.

BPM has the potential to be as game changing as BI but many customers seem to be waiting for the next version of the standard de jour to avoid lock in.

The vendor community is producing amazing tools that put the B in BPM and I still see IT departments crossing their arms asking about the extent of a products BPMN support or (even still) the occasional question about BPEL versions.



So what do you think? Are you waiting for a given standard to be supported and if so what are you looking to get from it?

If given a choice would you take better standards support or better functionality?

Chrome and Android

Google's Chrome aims to remove applications from PCs because users managing a PC is a "flawed model" however Android provides all the configurability a Linux user would love. So Google wants my phone to require more maintenance to keep running then a (Chrome) laptop. Clearly two teams with differing goals.

Frictionless Software Procurement

Commercial software vendors market share is dropping due to pressures from Open Source and Software As A Service vendors. Commercial vendors need to change the way they interact with their customers. In particular licensing models have to reflect the value the software provides to customers.

The perceived value that is assigned by the commercial software vendors to their own products and the need for these products to generate revenue to support sales, legal, finance and marketing organizations at the software vendors has lead to a one-sided procurement model in the industry where customers are forced to pay up front before getting to install software. Discounting and enterprise deals further encourage large up front investments based on vague knowledge of what is being purchased. Quarterly pressure to meet Wall Street expectations push vendors even harder to get to the payment and PO decision point.

Sales reps are trained to see value in what they sell and to point out this value to their customers. With software, value is only provided after the software is used by a customer, the shipping of a CD or the download of a license is valueless. In spite of this because payment happens before these events occur the entire software industry is conditioned to attribute value to purchased software, even if it is not deployed. Customers of course see it entirely differently, purchased software is in many ways a liability until it is in production.

When considering a procurement from a commercial software vendor customers struggle to truly understand a software product and until they sign up and provide a PO any information provided is at so high a level it is meaningless to anybody with a technical need to determine a product's fit in an organization. It is akin to jumping out of a plane with an untested parachute. Even customers that run long and arduous technical validation processes (Requests for Proposals, Proofs of Concept) still find themselves having to make a large investment before they get any value from the software they select.

As such commercial vendors are losing more and more market to open source vendors and I'm quite sure that this is not just because open source is "free," but because it is easier to procure. With open source the investment in a software product is largely based on internal costs that ramp up as efforts are put into deploying the software. There is no large up-front leap of faith required, or at least a smaller one then signing a 5 or 6 figure license deal and hoping for the best.

Software as a Service vendors are also growing in spite of potential concerns about hosting data off-site not because people explicitly want information in an external cloud but because the costs often ramp up based on a model where payment is made when value is provided. Cloud does this in large part because it is the only possible payment model. The fact that the software is running at a vendor location certainly helps in monitoring the actual work or "value" provided by the software service.

Traditional on-premise software vendors need to adapt to these new methods of procuring and licensing software. They have to become frictionless, with clear technical documentation, a simple evaluation process, free or low cost development tools, and pay as you go licensing.

If somebody wants to try out software this should be easy to do.

It should download, install and reinstall like a dream. How many times do you get the install of a piece of software to your liking on the first attempt? Doing this should be free and one should not be required to give up private information to be hounded by an inside sales person in a call center.

Since this is commercial software time-bombed, or limited scale downloads, I think, are fair game.

Being forced to pay for development and test environments at the same rate as production systems is unfair, and discourages and inhibits software being put into productive use. The licensing models must take development and test into account, just counting environments by servers, CPUs or cores is not good enough any more.

If somebody wants to take the software into production the licensing needs to be determined by the value the software provides the customer. Payment per connection, user, transaction, something that reflects use, is what is needed.

Such a model would encourage software vendors to truly change their behavior. Vendors do not want to leave customers after the purchase. If new prospects did not come up they would be very happy to continue helping existing customers deploy the software that they truly believe makes customers more efficient. But new customers come along asking questions, wanting presentations, demos, workshops and proofs-of-concepts as *they* now wrestle with the decision whether or not to jump out of the airplane. Because of the software license model vendors are forced to move on to customers that are still at the evaluation stage.

Commercial vendors have to widen the playing field and get an order of magnitude more people trying out commercial software without the the sales process getting in the way.

This would happen in one fiscal quarter if software vendors received compensation when their software provides value in production. More people would be trying out commercial software and the overall share would increase, they would be on a level playing field with cloud and open source vendors. Think about your vendor now compensated to grow the productive use of software not getting you to simply purchase it. All the Wall Street pressure would be focused on deploying systems not just getting POs created.

Until the commercial software industry realizes this and changes it's licensing models more customers will grow frustrated with them and they will continue to see their market share shrink.